Telecom Signaling Industry News

TMCNet:  WellPoint Settles with HHS for $1.7 Million for Potential HIPAA Violations

[July 16, 2013]

WellPoint Settles with HHS for $1.7 Million for Potential HIPAA Violations

Jul 16, 2013 (Close-Up Media via COMTEX) -- Managed care company WellPoint Inc. has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

According to a release, this case sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers' health data using the Internet.

The HHS Office for Civil Rights (OCR) began its investigation following a breach report submitted by WellPoint as required by the Health Information Technology for Economic and Clinical Health, or HITECH Act. The HITECH Breach Notification Rule requires HIPAA-covered entities to notify HHS of a breach of unsecured protected health information.

The report indicated that security weaknesses in an online application database left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet.

OCR's investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule.

The investigation indicated WellPoint did not: -adequately implement policies and procedures for authorizing access to the on-line application database -perform an appropriate technical evaluation in response to a software upgrade to its information systems -have technical safeguards in place to verify the person or entity seeking access to electronic protected health information maintained in its application database.

As a result, beginning on Oct. 23, 2009, until Mar. 7, 2010, the investigation indicated that WellPoint impermissibly disclosed the ePHI of 612,402 individuals by allowing access to the ePHI of such individuals maintained in the application database. This data included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information - especially information that is accessible over the Internet.

Beginning Sept. 23, liability for many of HIPAA's requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors.

((Comments on this story may be sent to

[ Back To Telecom Signaling's Homepage ]

Featured Events

5G NA Signaling Day

November 14-16, 2016
Sheraton Dallas, Dallas, TX

Featured Webcasts

Securing The Signaling Interconnect: Oracle's Perspective On Recent Security Events

Today's telecommunications landscape is changing rapidly, and the "institution" of trust between networks that has been assumed over the decades is no longer relevant. We are now hearing of vulnerabilities in CSP interconnection points that have been known ...

Applications of Wi-Fi Calling

With all of the discussion about faster data access and richer content, it could be assumed that voice services no longer play an important role in the business model of the communications service provider. Join ReThink Technologies Research and Oracle Communications as we explore ...

Featured Whitepapers

Oracle Communications Diameter Signaling Router Main Differentiators

Diameter is the protocol used by network elements in LTE and 3G networks to enable and monetize services, such as voice, video and data. Diameter enables revenue-generating data services; including tiered data plans, loyalty programs, application specific QoS, content provider and Internet of Things (IoT) solutions ...

Multi-Layer Security Protection for Signaling Networks

The sanctity of mobile operators' networks and brands will depend greatly on their ability to deliver QoS guarantees to roaming and interconnect partners, while simultaneously protecting increasingly multimedia-savvy and socially connected ...

Featured Datasheets

Oracle Communications Diameter Signaling Router

Centralizing Diameter routing with cloud deployable Oracle Communications Diameter Signaling Router creates a secure signaling architecture that reduces the cost and complexity of the core network and enables elastic growth, interoperability and rapid introduction ...

Oracle Communications Mobile Security Gateway

The Oracle Communications Mobile Security Gateway is a high performance gateway that allows the Communications Service Provider (CSP) to cost effectively expand network coverage and increase capacity by incorporating Heterogeneous ...

Oracle Communications Evolved Communications Application Server

As service providers drive their networks toward an all-IP and virtualized state, they require the means to design and deliver compelling high definition voice, video and multimedia offers via Voice over LTE (VoLTE) and Voice over WiFi (VoWiFi) ...

Featured Infographic